<?php
header("Content-type:text/html;charset=utf-8");
require_once("dbtools.inc.php");
$id=$_COOKIE['id'];
$correct_t=$_COOKIE['correct'];

$link = create_connection();
$sql="select * from users where id=$id and status='normal'";
$result=@execute_sql($link,'zhihu',$sql);

$user = @mysqli_fetch_object($result)->username;
$user = $user.'thonsun123';
if($correct_t!=md5($user)){
    @mysqli_free_result($result);
    @mysqli_close($link);
    header("location:login.php");
}

$sql="select * from users where id=$id and status='normal'";
$result=@execute_sql($link,'zhihu',$sql);
$password = mysqli_fetch_object($result)->passwd;

$nickname = $_POST['nickname'];
$email = $_POST['email'];
$sex = $_POST['sex'];
$old_password = $_POST['old_password'];
$new_password = $_POST['new_password'];
$password_again = $_POST['password_again'];
var_dump($old_password,$password);
if (md5($old_password) == $password){
    if($new_password == $password_again){
        $p = md5($new_password);
        $link=create_connection();
        $sql="update users set nickname='$nickname',email='$email',passwd='$p',sex='$sex' where id=$id";
        echo $sql,$password;
        $result=execute_sql($link,"zhihu",$sql);

        echo "<script>alert('修改成功');window.location.href='profile.php';</script>";

        @mysqli_free_result($result);
        @mysqli_close($link);
    }else {
        echo "<script>alert('两次密码不一样');history.back();</script>";
    }
}else {
    echo "<script>alert('旧密码错误');history.back();</script>";
}

?>